
USERS AUTHENTICATED VIA LDAP ARE NOT PLACED IN THE CORRECT

Symptoms:

  • Users authenticated via LDAP are not placed in the correct User Privileged Group
  • How do I define a user so that it is assigned to the correct Privileged Group?
  • Active Directory is not returning the correct Privileged Group attribute.

Facts:

  • X5
  • X506
  • 3CRX5-U-96
  • 3CRX5-25-96
  • 3CRX506-96
  • 3CRTPX506-96
  • Active Directory
  • eDirectory
  • TOS 3.0.0
  • Webfilter

Fixes: The LDAP server must return MemberOf information to the X series containing the name of the group of which the user is a member. (The user and the user group must be defined on the LDAP server, for example in Active Directory for Windows Server.)

The MemberOf group name returned by the LDAP server must be the same as the name of the Privileged Group defined on the X series firewall (i.e. if in Active Directory the administrator has defined a user pom as part of the ldapgroup user group, then the Privileged Group on the X series must also be named ldapgroup).

On the X series LDAP test page, a successful LDAP authentication should look something like this:

Trying bind with configured bind user: CN=pom,ou=ldapunit,dc=3COMGSOWIRELESS,dc=local
bind successful
using user search tree: ou=ldapunit,dc=3COMGSOWIRELESS,dc=local
sAMAccountName = pom
userPrincipalName = pom@3ComGSOWireless.local
memberOf = CN=ldapgroup,OU=ldapunit,DC=3ComGSOWireless,DC=local
Trying user bind: CN="pom",ou=ldapunit,dc=3COMGSOWIRELESS,dc=local
bind successful
matching priv-group: ldapgroup
chose group ldapgroup
Login Success
Test OK 
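
An added example, not part of the original article and not 3Com/TippingPoint code: a Python check that takes memberOf values like the one in the test output above, extracts the leading CN, and compares it with the Privileged Group names configured on the X series. Exact, case-sensitive comparison is an assumption (the article only says the names must be the same); `leading_cn`, `diagnose` and the second sample group are hypothetical.

```python
import re

# Constructed sample: the memberOf value from the test output above, plus a
# made-up group whose CN contains an escaped comma.
SAMPLE_MEMBER_OF = [
    "CN=ldapgroup,OU=ldapunit,DC=3ComGSOWireless,DC=local",
    r"CN=Staff\, Remote,OU=ldapunit,DC=3ComGSOWireless,DC=local",
]

def leading_cn(dn):
    """Return the CN value of the first RDN of a DN, or None if it is not a CN."""
    raw, i = bytearray(), 0
    while i < len(dn) and dn[i] != ",":          # an unescaped comma ends the RDN
        if dn[i] == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                raw.append(int(pair, 16))        # \XX is one raw byte
                i += 3
            else:
                raw += dn[i + 1].encode()        # \, \+ \" \\ and similar
                i += 2
        else:
            raw += dn[i].encode()
            i += 1
    attr, sep, value = raw.decode("utf-8", "replace").partition("=")
    if not sep or attr.strip().lower() != "cn":
        return None
    return value

def diagnose(member_of, priv_groups):
    """Return (matched, case_only) for memberOf values vs. Privileged Group names.

    Assumption: the device compares names exactly, so a case-only difference
    is reported as a near miss to fix rather than as a match.
    """
    cns = [cn for cn in map(leading_cn, member_of) if cn]
    matched = [cn for cn in cns if cn in priv_groups]
    by_lower = {g.lower(): g for g in priv_groups}
    case_only = [(cn, by_lower[cn.lower()]) for cn in cns
                 if cn not in priv_groups and cn.lower() in by_lower]
    return matched, case_only

if __name__ == "__main__":
    for groups in (["ldapgroup"], ["LDAPGroup"], ["admins"]):
        print(groups, "->", diagnose(SAMPLE_MEMBER_OF, groups))
```

An empty `matched` list with a non-empty `case_only` list points at a naming mismatch between the directory group and the Privileged Group; both lists empty means the directory is not returning a memberOf value for any configured group.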

  • Product(s): X Family
  • Sub Product(s): X5, X506

David Gonzalez 2021/04/07 16:18

3com/tippingpoint/x506/general_configuration/users_authenticated_via_ldap_are_not_placed_in_the_correct.txt · Last modified: 2021/04/07 16:24 by dgonzalez
